On Thu, 20 Mar 2003 02:43, [EMAIL PROTECTED] wrote:
> 2. Install, setup, learn and use some software such as tripwire, that you
> can use to see whether there are unauthorised changes to system files.

Unless you run tripwire from bootable removable media that doesn't do much good.

> 3. Consider mounting /usr ro. One way that appeals to me, but I've not actually
> tried it, is to make an ISO of it and mount it on loopback. If you can have
> / ro, so much the better.

If they crack root then they can mount it read-write. If you want it really read-only then consider using a CD-ROM.

> 4. Make sure that writable partitions are mounted noexec. If someone
> breaks, say Apache as was a possibility a few months ago, you don't want
> them running their cracker kit on your box. Note that this is not perfect,
> '/bin/bash -c "source ./kit"' can still do some damage.

If you install SE Linux then you get much better control over your system. When Apache can't even see other processes or write to /tmp it makes such exploits much more difficult.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
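
One way to audit the mount options discussed in points 3 and 4 of the thread, as an added example that is not part of the original message. The function names, the sample mount table and the list of skipped pseudo-filesystems are assumptions made for illustration; options are compared as whole comma-separated tokens so that `errors=remount-ro` is not mistaken for `ro`.

```shell
#!/bin/sh
# Added example: audit mount options given in /proc/mounts format
# (fields: device mountpoint fstype options dump pass).
# On a live system: writable_exec_mounts < /proc/mounts

# Print every mount point that is writable (rw) and lacks noexec.
# The pseudo-filesystem skip list is an assumption; adjust per system.
writable_exec_mounts() {
    awk '
    $3 ~ /^(proc|sysfs|devpts|devtmpfs|cgroup2?|securityfs|debugfs)$/ { next }
    {
        n = split($4, opt, ",")
        rw = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw") rw = 1
            if (opt[i] == "noexec") noexec = 1
        }
        if (rw && !noexec) print $2
    }'
}

# Succeed only if the given mount point exists and is mounted ro.
# The last matching entry wins, as it reflects the topmost mount.
is_readonly() {
    awk -v mp="$1" '
    $2 == mp {
        found = 1; ro = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
    }
    END { exit !(found && ro) }'
}

# Constructed sample mount table (not taken from any real host).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
/dev/sda2 /usr ext3 ro 0 0
/dev/sda3 /var ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda4 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid 0 0'

echo "Writable mounts without noexec:"
printf '%s\n' "$SAMPLE_MOUNTS" | writable_exec_mounts

for mp in / /usr; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | is_readonly "$mp"; then
        echo "$mp is read-only"
    else
        echo "$mp is NOT read-only"
    fi
done
```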